New job, posted less than a week ago!
Job Details
Posted date: Jan 21, 2026
Category: Security Operations Engineering
Location: Redmond, WA
Employment type: Internship
Work location type: 3 days / week in-office
Role: Individual Contributor
Description
OverviewSERPENT (Services Pentest) is looking for a learn-it-all Security Operations Intern to help secure Microsoft’s most critical online services through real-time detection, incident response, and data-driven security operations.
Are you looking for a challenge that puts you at the center of the Microsoft Specialized Clouds strategy? Are you passionate about solving the security challenges of critical, large-scale online services? Do you want to learn how Microsoft defends some of the world’s most important cloud and device ecosystems?
If you’re curious, analytical, and eager to learn how Security Operations works at Microsoft scale, this role is for you.
Microsoft’s Specialized Clouds organization is responsible for securing some of Microsoft’s largest and most influential online services across the Adaptive Cloud and Windows + Devices (W+D) organization.
As part of MCS, the SERPENT team partners deeply with Offensive Security, Engineering, and Incident Response teams to reduce risk and drive detection excellence across the company.
At Microsoft, Interns work on real-world projects in collaboration with teams across the world, while having fun along the way. You’ll be empowered to build community, explore your passions and achieve your goals. This is your chance to bring your solutions and ideas to life while working on cutting-edge technology. Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.
Responsibilities
• Monitor security signals to identify anomalies, noise, and potential intrusions; drive improvements to detection quality
• Analyze detection outputs, investigate suspicious activity, and create new detections using Indicators of Compromise (IOC) and attacker TTPs
• Translate security policies and standards into practical, measurable controls across services
• Identify gaps in security controls and recommend mitigation strategies to engineering partners
• Collaborate across internal and external teams to deploy solutions that reduce risk and address threats
• Analyze KPIs, bug trends, unhealthy pipelines, and other data sources to identify patterns and influence improvements
• Evaluate data sets to identify anomalies, correlation patterns, and operational blind spots
• Contribute to penetration testing processes across the kill chain to strengthen controls and enhance detection readiness
• Support red team report analysis, issue tracking, and cross-team triage
• Drive automation opportunities across detection, response, and operational workflows
• Investigate potential control failures (e.g., network, identity, high-security systems) and recommend remediation strategies
• Support security incident response by analyzing attempts to compromise systems and recommending next steps
• Assist in limiting exposure by collaborating with partner teams on response actions
• Identify emerging threats based on external trends and influence defense prioritization
Qualifications
Required Qualifications
Candidate must be enrolled in a full time bachelor's or masters program in area relevant for the role during the academic term immediately before their internship.Candidate must have at least one additional quarter/semester of school remaining following the completion of the internship
Preferred Qualifications
Understanding of operating systems, identity systems, or networking fundamentals Experience using analytical skills with curiosity to explore data and identify patterns Ability to communicate clearly and collaborate with partners across engineering and security Experience participating in SOC or incident response labs, competitions, or university programs Exposure to SIEM tools or detection engineering concepts (e.g., KQL, Splunk, Elastic, Sentinel) Coursework or hands-on practice in threat intelligence, malware analysis, or digital forensics Experience using scripting skills in Python, PowerShell, Bash, or KQL for analysis or automation Familiarity with cloud concepts (Azure preferred), logging pipelines, or telemetry systems Experience with log analysis, anomaly detection, or building small automation workflows Interest in Kill Chain, MITRE ATT&CK, detection engineering, or blue/red team collaboration Exposure to data visualization tools (Power BI, Jupyter, notebooks) for operational insights Participation in research, security clubs, hackathons, or technical competitions Curiosity about emerging threats, attacker tradecraft, and real-world incident case studies The base pay range for this internship is USD $5610.00 - $11010.00 per month. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $7270.00 - $12030.00 per month.
Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-intern-pay
This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.
Check out other jobs at Microsoft.